<?php
$allowExt = ['exe', 'zip'];
$key = php_uname();

$path = $_GET['path'];

if (!in_array(pathinfo($path, PATHINFO_EXTENSION), $allowExt)) {
    header('Status: 403');
    exit('该文件不允许下载：' . $path);
}

if (!isset($_GET['auth_key']) || !is_string($_GET['auth_key'])) {
    header('Status: 500');
    exit('缺少参数：auth_key');
}

$params = explode('-', $_GET['auth_key'], 4);
if (count($params) < 4) {
    header('Status: 500');
    exit('参数错误：auth_key');
}

if (time() > $params[0]) {
    header('Status: 403');
    exit('链接已失效');
}

$hash = md5($path . '-' . $params[0] . '-' . $params[1] . '-' . $params[2] . '-' . $key);
if ($hash != $params[3]) {
    header('Status: 403');
    exit('该文件不允许下载：' . $path);
}

header('Cache-Control:public, max-age=2592000');
header('Content-Type: application/octet-stream');
header('X-Accel-Limit-Rate: 204800');
header('X-Accel-Redirect: /protected_files' . $path);